Summary
Highlights
Malware such as viruses, worms, and Trojan horses can cause damage to computers, but they differ in their behavior. A virus attaches itself to a program or file, spreading through human action and ranging from annoying effects to severe hardware/software damage. A worm is a sub-class of viruses that can self-replicate and spread across networks without human intervention, consuming system resources and causing network slowdowns. A Trojan horse appears legitimate but is designed to inflict damage, often creating backdoors for malicious users, similar to network sniffing.
A sniffing attack, also known as a sniffer attack, involves intercepting data by capturing network traffic using a sniffer application. If data packets are unencrypted, sensitive information can be read. There are two main types: active sniffing, conducted on switched networks by injecting traffic into the LAN; and passive sniffing, used on hub-based networks where attackers can easily capture all data traffic.
ARP is a communication protocol essential for discovering the link layer address (MAC address) associated with an Internet Protocol (IP) address. It functions similarly to DNS by mapping network addresses to physical addresses. An ARP request is broadcast to find a MAC address for a known IP address, and the responding system provides its MAC address. This information is then cached to reduce network traffic.
ARP poisoning is an attack where the attacker falsifies ARP tables, linking their MAC address to the IP addresses of other hosts on the network. This allows the attacker to intercept, modify, or block traffic between the poisoned hosts. The video demonstrates this using two Windows hosts as victims and a Kali Linux machine to carry out the attack, by clearing ARP caches and then poisoning them.